Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-AspNetMvc-Version
Status
X-Check
Timing-Allow-Origin
X-Cache-Status
X-Adblock-Key
X-Iinfo
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
X-Template
X-Language
X-CDN
Content-Encoding
X-Turbo-Charged-By
X-Request-ID
Keep-Alive
X-Buckets
X-Type
EagleId
Xkey
X-Via
X-Backend
X-AH-Environment
WPE-Backend
Access-Control-Max-Age
X-Age
X-Pass-Why
X-Server
X-Swift-SaveTime
X-Swift-CacheTime
X-Cache-Group
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Pingback
Upgrade
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
Grace
Access-Control-Expose-Headers
X-Hacker
P3p
X-UA-Device
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ua-Compatible
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
Request-Context
X-CST
X-Node
X-Cache-Lookup
X-Device
X-Ac
Content-Location
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Host
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Rq
X-Px
X-Readtime
X-Application-Context
X-Server-Id
Allow
X-Instart-Request-ID
Pinterest-Generated-By
X-Dns-Prefetch-Control
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Url
X-Clacks-Overhead
Server-Timing
Request-Id
X-Cloud-Trace-Context
X-Country
X-HeyJason
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
Report-To
Rating
X-TTL
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
Charset
Edge-Control
X-Server-ID
X-ESI
X-Powered-CMS
X-TtlSet
X-Vname
X-PC
X-FTR-Request-ID
X-Server-Name
X-CF-Powered-By
X-DataDome
Feature-Policy
X-DynaTrace-JS-Agent
X-MS-InvokeApp
X-Cached
X-Goog-Hash
NEL
X-Vhost
Public-Key-Pins
X-Origin-Cache
X-Recruiting
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Geo-Segment
X-ORACLE-DMS-ECID
X-VARITI-CCR
X-F-Cache
X-ORACLE-DMS-RID
X-DynaTrace
X-Version
X-Powered-By-Plesk
X-Mod-Pagespeed
X-D2id
X-SRCache-Fetch-Status
X-T
X-SRCache-Store-Status
X-Client-IP
Verso
X-Abt-Application-Version
Content-MD5
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
Arc-Version
X-Mobile-Rewrite
PB-PID
PB-RID
X-Dispatcher
AR-ATIME
AR-PoweredBy
RTSS
X-N
AR-CACHE
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
X-Cdn
X-Forwarded-Proto
X-GitHub-Request-Id
X-Hits
X-Navigation-Version
Nginx-Cache
X-Ruxit-JS-Agent
X-Dw-Request-Base-Id
Paypal-Debug-Id
Realpath
X-B
X-Upstream
X-Pad
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Shield-Request-Id
X-Content-Digest
X-Content-Options
X-Varnish-Age
X-Grace
Arr-Disable-Session-Affinity
X-Id
SPIisLatency
X-Ttl
SPRequestDuration
X-Kinsta-Cache
X-Cache-Hit
MS-Author-Via
TCN
X-NWS-LOG-UUID
Access-Control-Request-Method
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Logged-In
X-Acc-Meta-Resource-Type
X-XRDS-Location
S
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
DynaTrace
X-Trace
X-Vcap-Request-Id
X-VCache
X-Origin-Upstream-Status
X-HW
X-MSEdge-Ref
X-DIS-Request-ID
X-Zen-Fury
Cleartype
Front-End-Https
Eomportal-Instance
Surrogate-Key
X-Frontend
X-HS-Hub-Id
X-HS-Content-Id
X-Cache-Rule
X-FTR-Backend
X-FTR-Expires
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-PressLabs-Stats
X-Fastly-Request-ID
X-Via-JSL
Service-Worker-Allowed
X-NF-Request-ID
X-Oneagent-Js-Injection
Cache-Status
X-User-Agent
X-IPLB-Instance
X-FastCGI-Cache
X-Forwarded-For
Server-Name
X-Request-Processing-Time
X-Request-Received
Tracecode
X-Hostname
X-SS-Set-Cookie
Fastcgi-Cache
Host
Backend-Timing
X-Varnish-Backend
X-Analytics
X-Cache-2
Alternate-Protocol
Rt-Fastcgi-Cache
X-Wix-Server-Artifact-Id
FilterID
Viewport
TP-L2-Cache
X-Whom
X-Fastcgi-Cache
X-AOL-HN
Display
X-Sol
TP-Cache
X-Middleton-Display
Public-Key-Pins-Report-Only
X-FTR-Cache-Host
X-Proxied
X-Revision
X-Middleton-Response
X-Rid
Response
X-Content-Powered-By
X-Srv
X-AppVersion
X-Az
X-Activity-Id
X-Ser
ServerID
X-Debug-Info
X-Debug
X-Contextid
X-Cache-Control
AR-SID
AMP-Access-Control-Allow-Source-Origin
X-Magnolia-Registration
X-Cached-By
MicrosoftSharePointTeamServices
X-Daa-Tunnel
X-Akam-SW-Version
Refresh
X-Mobile
X-Cache-Server
Server-Info
HitType
HitInfo
Accept-Charset
X-B3-Traceid
X-Page-Id
X-Instance
X-Framework
X-WPE-Loopback-Upstream-Addr
X-Generated-By
X-App-Server
Ar-Sid
X-FB-Debug
Cache-Tag
X-Geo-Country
Powered-By-ChinaCache
X-Cache-Age
X-LB-Cache
X-BCube-Filmed-By
X-Varnish-Hostname
X-App-Environment
X-Cache-Operation
X-PHP-Backend
X-Request-Guid
X-Webkit-Csp
X-Content-Security-Policy-Report-Only
X-Varnish-Grace
X-TT
X-Signature
X-Handled-By
X-RateLimit-Remaining
X-B-Cache
Server-Node
Retry-After
Host-Header
Source
X-Origin-Server
X-Device-Type
X-Tumblr-Pixel
X-Cache-Key
X-Tumblr-Pixel-0
X-Tumblr-User
X-Accel-Expires
Upgrade-Insecure-Requests
X-URL
X-XRDS-LOCATION
X-Hyper-Cache
X-Platform-Server
X-Newrelic-App-Data
X-NewRelic-App-Data
X-WA-Info
X-GUploader-UploadID
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
DC
X-Akamai-Edgescape
X-TT-TIMESTAMP
X-Amzn-Trace-Id
X-APP-VERSION
X-Drupal-Cache-Tags
X-ATG-Version
X-CACHE-GROUP
X-Amz-Meta-S3cmd-Attrs
X-Cache-Action
Liferay-Portal
X-Varnish-Server
X-Cluster
Fastly-Restarts
X-Edge-Location
Webserver
X-B3-Sampled
X-Node-Name
X-Port
AR-Request-ID
NGB
X-Accel-Buffering
X-Ruxit-Js-Agent
X-S
X-Cacheable-TTL
X-Locale
X-Seen-By
X-Wix-Petri-Ex
X-Wix-Request-Id
X-Jobs
X-GeoIP
X-WebKit-CSP-Report-Only
X-Source
ServedBy
X-RequestSource
AsisCache
Filters
Actual-Object-TTL
X-Varnish-Hits
X-Correlation-ID
X-Tumblr-Pixel-1
X-FW-Serve
X-Tumblr-Pixel-2
X-FW-Type
X-FW-Static
X-FW-Hash
X-FW-Server
MS-CV
X-Correlation-Id
X-Distil-CS
S-Cnection
X-RTag
GEO-INFO
X-Cache-TTL-Remaining
X-Amz-Replication-Status
HostName
X-Region
Served-By
X-Cache-Config
X-UA
Cache
X-UA-Device-Type
X-Cache-Remote
X-Edge-Cache
Country
X-Vg-Webcache
X-Edge-Cache-Key
X-Webkit-CSP
Content-Script-Type
X-Adobe-Loc
Content-Style-Type
X-Adobe-Content
X-TA-CDN-Provider
X-Sucuri-ID
Datacenter
X-PC-AppVer
Accept-CH
X-Guploader-Uploadid
X-PC-Hit
X-PC-Key
X-Drupal-Cache-Contexts
Ohc-File-Size
X-Dynatrace-Js-Agent
X-PC-Date
X-Ocache
X-PC-Host
X-UUID
X-Unique-ID
Pagespeed
X-RateLimit-Limit
X-Microcachable
X-Internal-Host
X-Status
X-HOST
X-GZip
X-Varnish-IP
X-Amz-Server-Side-Encryption
X-Real-IP
X-DataStream-Cache-Status
X-Akamai-Transformed
X-Esi
X-TX-ID
X-Ezoic-Cdn
IBM-Web2-Location
Healthy
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Rendered-As
X-RN-RSRV
X-ProxyCache-Status
X-ProxyCache-Key
X-Cache-Category-Id
User-Cache-Control
X-Agile
X-Grey
Meta-Geo
Load-Balancing
X-Detected-As
X-Agile-Age
X-Web-Node
X-Akamai-Request-ID
X-Generated
X-Agile-Id
X-JoinUs
X-App-Name
X-Is-Bot
Machine
Access-Control-Allow-Method
X-IP
X-BYPASS-REASON
Selected-FE
X-Xfnlog-Site
X-Backend-Name
X-Mode
X-TNCMS
Mn-Server-Ip
X-Loop
Xserver
X-CCM
X-ServerID
X-Origin
X-Debug-Cache
X-Proxy-Build
X-Timing-Wait
X-Human
X-Hosted-By
X-Instance-Name
X-Content-Type
X-FC-Vary-Parameters
S-Rt
L5d-Success-Class
X-OCL
X-BB-IP
X-PCL
Payment
Backend
X-NodeID
X-Proxy
X-Servedby
X-Tb
X-Viewer-Country
X-Varnish-Cacheable
Cache-Key
Cache-Name
DB-Nickname
ServerName
User-Agent
Azure-InstanceId
Azure-SlotName
Azure-SiteName
Azure-RegionName
LB
X-Time-Microsecs
X-Varnish-Cache-Hits
X-Original-Request
X-EIG-Tracking-Id
X-Upgrade-Enabled
X-PERF
Now
Azure-Version
X-Site-Version
X-ApacheServer
X-Path-Route
X-NCache
X-VWS-Id
Property-Id
TWC-Connection-Speed
TWC-Device-Class
TWC-Locale-Group
X-Zipkin-Id
X-LJ-Flow-ID
X-CDN-Forward
X-Vgn-Hpd-Reason
X-Via-Fastly
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-LatLong
X-CDN-Cache
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-Country
X-Www-Served-By
X-Distributor
X-TWH-CORRELATION-ID
X-OVcl
X-OVcl-Cache
X-Routing-Service
X-SplitTest
Dont-Set-Cookie
X-Origin-Hint
X-AWS-Id
X-Time
X-NGENIX-Cache
X-Access
X-Section
X-Origin-CC
X-Rocket-Nginx-Bypass
X-Pubstack
X-Amz-Meta-Surrogate-Control
X-RemovedCookies
X-Cache-Ttl
X-Format
X-ProcessESI
Access-Control-Request-Headers
X-Storage
PageSpeed
SRV
X-Cache-Backend
X-Environment-Context
X-L-Path
X-Webstats-RespID
Countrycode
X-ServedBy
X-Sucuri-Cache
Edge-Cache-Tag
X-HS-Cache-Config
WZWS-RAY
X-Generation-Time
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Labrador-Cache-Channel
X-Oss-Request-Id
X-Oss-Object-Type
X-Proto
X-Connection-Hash
X-Oss-Storage-Class
X-Twitter-Response-Tags
X-Transaction
Cteonnt-Length
X-Amzn-RequestId
X-Amz-Apigw-Id
X-B3-Spanid
X-Nc
X-Optimization
X-MP-GENERATED-AT
X-Cache-HT
Ms-Operation-Id
X-M-Log
X-Qnm-Cache
X-M-Reqid
Cache-Hits
X-Ah-Environment
Apicache-Version
Apicache-Store
X-Hit
X-SERVER-NAME
X-Cache-NE
X-Birta-Cache-Post
X-Newrelic-Synthetics
X-Birta-Served
X-Meta-Tbi-Cache-Vertical
X-Tumblr-Pixel-3
X-CLOUD-TRACE-CONTEXT
Fastly-SSL
From-Origin
X-Real-Ip
X-Varnish-Beresp-Grace
X-V
X-Cache-Enabled
X-EdgeConnect-Cache-Status
X-Release
NnCoection
X-Varnish-Beresp-Status
Ec-Rule-Version
Ws
X-Upstream-HT
X-Dc
X-Geo
X-Upstream-CT
Cartoon
NODE
X-CF-Lambda-Version
X-Worker
X-CF-Lambda-Fn
X-BB-ID
X-Application
X-Alternate-Cache-Key
X-ARC
X-B-Cookie
X-Block-Status
Xc-Version
X-D
X-Died
X-We-Are-Hiring
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-From
X-Env
X-Trv-Group
X-SVT-ORM-VERSION
X-Alicdn-Da-Ups-Status
X-Accel-Expires-Debug
X-SERVER
X-Date
X-Destination
X-WebServer
X-Wix-Route-ID
BehaviorPad-Version
GMS-Ver
Request-EU
Resin-Trace
Fly-Request-Id
Server-ID
Fly-Cache
Request-Country
Rendered-Blocks
MD5-Digest
Kp-EeAlive
Httpd-Identifier
Host-ID
Meta-Geo-Continent
SN
T-Server
Cache-Prefix
X-A
X-A-Ccd
X-A-Dam
X-A-Dgt
X-A-Dcw
Www
Web-Mar-Node
V-Age
Country-Code
Viewtype
VivaBuild
Warning
X-A-Wwc
X-Developer
X-RCS-CacheZone
X-TT-LOGID
X-Region-Sid
X-Response-By
X-Rojux
X-Rewrite-Enabled
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-VG-WebServer
X-Org
X-Origin-Date
X-Origin-Expires
X-PAYTM-SRV-ID
X-UE-Client-Country
X-Rule
X-S-Cookie
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-SVT-ORM-RULES
X-SRCache-Key
X-ShardId
X-Sf
X-Varnish-Beresp-Ttl
X-S-Maxage
X-ScT
X-Server-By
X-Server-Time
X-NU-AKA-ACS-Version
X-Planisys-CDN-Rules
X-Hl-Ver
X-Via-Edge
X-App-Version
X-Generated-In
X-Gen-Mode
X-Via-CDN
X-G
X-Hnp-Log
ProcessTime
X-C
X-GeoIP-Country-Code
X-Hash
X-GeoIP-City
RNT-Time
X-Device-Os
X-Server-IP
Server-Host
RNT-Machine
Proxy-Connection
MI-Cache
MI-Cache-Age
X-SIPLIST1
X-Fetched-On
X-Fstrz
NGX
Origin-Cache-Control
Server-Int
Release
Platform
PFcat
Origin-Edge-Control
X-Edge-Server
Thinkindot-CacheControl-Type
X-Origin-TTL
X-Matched-Rule
X-Logtrace-Id
X-Clientip
IsBot
X-Amz-Meta-Cache-Control
X-Cache-Host
X-Node-Id
X-Backend-State
X-Cache-URL
X-MI-In-Market
X-Content-Age
X-Crawler
X-IN-APIGATEWAY
Uber-Trace-Id
True-Client-Country-4JS
Thinkindot-Control
X-Cache-Bucket
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-CS
X-Request-URI
X-Thinkindot-L3
X-VServer
Thinkindot-CacheControl
X-Cache-CFC
Adler-Geo
Apple-News-Services-Handled
Fastly-Backend-Name
XServer
Is-Eu
Apple-News-Services-Host
Ajk
Apple-News-Services-Request-Url
Cdn-Host
CDCHOST
Cdn-Request-Time
Cneonction
Apple-News-Services-Parsed-Url
X-Debug-Cookies
X-Croise-Owner
X-Debug-Log
X-Edge-IP
X-Core-Value
X-Epic-Correlation-Id
X-Eu-Site
Time
X-Cache-Control-Set-By
X-Backend-Host
X-Actual-URL
X-Backend-Url
X-F5-Cache
X-CGP
X-Cache-Expires
X-Core-Mission
X-FireWall-Port
X-ServiceProvider
X-Swa-Ws
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Trace-Id
X-Up
X-Wikidot-Static-Cache
X-Redis-Cache
X-Wikidot-Backend
X-VG-TLSProxy
X-Varnish-HitMiss
X-Returned-From
X-Rebelmouse-Surrogate-Control
X-NX-Host
X-P-T
X-No-Session
X-HCF
Backend-Name
X-Passed-To
X-Passed-To-BeforeDispatch
X-Rebelmouse-Cache-Control
X-Platform
X-Phone
X-Passed-To-DLL
X-Fastly-Cache
X-Passed-To-PostProcessResponse
HA-Georegion
HA-Servedtime
Decoy-Debug-TTL
HA-Geocountry
HA-Urlpath
HA-Geolat
On-Server
Odigeo-Trace-Id
HA-Ipaddr
Fastly-Soc-X-Request-Id
Fastly-SWR
Decoy-Debug-Status
Decoy-Debug-Key
Who
Fastly-SIE
Cache-Tags
HA-Geolon
HA-Cloudapp
Ha-Gx-Prefs
HA-Host
Request-Time
HA-Geocity
Origin
MI-API
Pragrma
X-ElasticPress-Search
X-HS-Combine-CSS
X-Developers
X-From-Cache
X-Forwarded-Host
X-Ckpd-Fst-Backend
X-GRACE
X-Info
Powered-By
X-GoCache-CacheStatus
X-Refresh
Content-Disposition
X-UnsetCookies
X-Backend-TTL
AKAMAI
X-Var-Ttl
HTTPS
X-Ver
Heartbleed
X-Nginx-Cache
X-Cdn-Srv
X-Reboot
X-Cache-Srv
X-Cdn-Origin
Esi-Enabled
X-Cache-ASPX
X-Stale
X-Sn-Servicetimems
X-Server-Group
X-Via-SSL
X-Atg-Version
NtCoent-Length
Ohc-Response-Time
X-Req
X-Cdn-Forward
X-B3-TraceId
X-Skip-Cache
X-Ms-Version
X-Cache-FS-Status
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Request-Id
X-Location
X-BBXSRF
RequestId
Dnion-Transfer-Encoding
X-Response-Served-From
X-Cache-Time
Is-Session-Tracking
X-Micro-Cache
X-MSEdge-Flight
X-MSEdge-Features
WWW-Authenticate
Frame-Options
Get-Access-Time
X-Pjax-Url
X-Servername
X-WR-MODIFICATION
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Csrf-Token
X-Owner
X-Powered-By-ANYU
X-Key
X-Pf-Uncompressing
Mime-Version
X-User
X-Request-Time
X-CUA
NodeID
X-CCM-LastModified
Cdn
X-NC
X-Page-Type
We-Hiring
WP-Super-Cache
Mail-Subject
X-Varnish-Url
X-Cache-TTL
X-Ua
MIME-Version
Dynatrace
X-Litespeed-Cache
X-TIME
X-External-Request-Id
X-COUNTRY
CF-IPCountry
X-NWS-UUID-VERIFY
Section-Io-Cache
X-DC
GW-Server
UCS
X-CSRF-Token
PICS-Label
X-Cache-Handler
X-LiteSpeed-Cache-Control
X-Aicache-OS
PageType
X-Pc-Key
Version
X-Pc-Hit
X-Servedbyhost
GeoIp-Country-Code
Geoip-City
Geoip-Latitude
Magicmarker
X-Pc-Appver
X-GDPR
X-Varnish-Action
FastCGI-Cache
X-Nf-Srv-Version
Rt-Proxy-Cache
X-Cache-Id
X-Varnish-Id
X-Pc-Host
X-Varnish-Beresp-TTL
X-Pc-Date
X-Request-UUID
X-Bip
Memcached
X-Dynatrace
X-Thanos
Accept-CH-Lifetime
X-Fastly-Backend-Reqs
CACHE
X-GEO
X-CACHE-KEY
Memory
X-Variation
Pagetype
X-Nananana
If-Modified-Since
X-TId
X-Via-NSCOPI
COMMERCE-SERVER-SOFTWARE
X-ServedByHost
CDN
X-Ibm-Trace
X-Server-W
X-Irp-Debug
Processtime
X-Be
X-StackifyID
X-Wa
Arc-Country
Sid
GeoIP-City
Node
X-UPSTREAM-Address
GeoIP-Country-Code
GeoIP-Latitude
X-Load-Cache
X-Cluster-Node
Sta2Tusw
X-BE
X-HTML-Minification-Powered-By
X-Shard
X-Gdpr
X-DataStream-MidMile-RTT
X-Auto-Login
X-DataStream-Origin-MEX-Latency
X-Hail-Hydra
X-Layer
X-Frame-Option
X-Sentry-ID
X-Ig-Deployment-Stage
X-Tid
X-Proxy-Server
X-Varnish-Ttl
URI
DataCenter
RATING
Pics-Label
X-FW-Version
X-ID
X-FORWARDED-FOR
X-RateLimit-Limit-Second
X-Fastly-Cache-Hits
X-RateLimit-Remaining-Second
X-Nginx-Cache-Key
X-PAGE-TYPE
X-Varnish-URL
X-Datadome
X-NGINX-Cache
Srv
Cf-Ipcountry
X-SRV
X-Gen-Id
X-EC-Security-Audit
X-Secret
X-Ratelimit-Remaining
Pramga
X-Bug-Bounty
X-Akamai-Request-ID2
X-Gannett-Site-Version
Group
X-GZIP
V-Cache
X-Surge-Debug
X-Haproxy-Ip
X-PJAX-URL
X-B3-SpanId
X-Shield-Cache-Expires
X-Public
X-Haproxy-Hostname
X-PF-Uncompressing
Cache-Provider
X-ADI-VCache
X-Endurance-Cache-Level
X-Ratelimit-Limit
X-CacheKey
X-Dw-Trace-Id
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-Cache-Var
Cache-Cookie-Set-Idcheck
Mobile-Detection-Method
X-Cache-Var-Map
OT-Force-Account-Verify
SD-X-WS
X-APP
X-Cache-Debug
X-Feature
X-ND-Cache
X-Litespeed-Cache-Control
Hostname
Serverid
Xet-Cookie
X-Store
X-Ms-Lease-State
X-VCT
X-RequestId
X-Fe
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-Section
X-Sorting-Hat-ShopId-Cached
Lb
X-Distil-Cs
X-Akamai-ERRuleID
X-CDN-Pop-IP
X-Akamai-ERPolicy
X-CDN-Pop
X-RAMCache
X-WA
REQUESTUUID
X-Unique-Id
X-VG-WebCache
X-SD-PageType
GEO-REGION-INFO
X-Request-Start
X-Cookie
Requestid
N-Cache
X-ServerName
X-Grace-Duration
X-Varnish-ID
Accept-Ch